CVE-2013-2685

Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk Open Source 11.x before 11.2.2 allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header.

Published: Apr 1, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-2685
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
asterisk / open_source	11.0.0-beta1	11.0.0-beta1.x
asterisk / open_source	11.1.0-rc1	11.1.0-rc1.x
asterisk / open_source	11.2.1	11.2.1.x
asterisk / open_source	11.0.0-rc2	11.0.0-rc2.x
asterisk / open_source	11.0.2	11.0.2.x
asterisk / open_source	11.0.1	11.0.1.x
asterisk / open_source	11.2.0-rc2	11.2.0-rc2.x
asterisk / open_source	11.1.2	11.1.2.x
asterisk / open_source	11.1.0	11.1.0.x
asterisk / open_source	11.1.1	11.1.1.x
asterisk / open_source	11.1.0-rc3	11.1.0-rc3.x
asterisk / open_source	11.2.0	11.2.0.x
asterisk / open_source	11.0.0-rc1	11.0.0-rc1.x
asterisk / open_source	11.2.0-rc1	11.2.0-rc1.x
asterisk / open_source	11.0.0	11.0.0.x
asterisk / open_source	11.0.0-beta2	11.0.0-beta2.x

Vulnerability Database

289,697

CVE-2013-2685